More from the NYT on NSA's Domestic Spying: "Pinwale" Has Your Emails

Following up on their report in April detailing the National Security Agency's systemic and significant "overcollection" — that is, illegal interception — of Americans' domestic communications, James Risen and Eric Lichtblau of the New York Times have just published a new story with even more detail about the NSA's ongoing warrantless wiretapping and the concerns it is raising in Congress.

Thankfully, it appears that the NYT's confirmation in April that the NSA has been exceeding its legal authority and "overcollecting" masses of Americans' communications has spurred some closed-door investigations on Capitol Hill. Today's story focuses on this renewed concern from Congress over the wiretapping program, and what Congress' latest closed-door inquiries have revealed about the ongoing spying:

Those inquiries have led to concerns in Congress about the agency’s ability to collect and read domestic e-mail messages of Americans on a widespread basis, officials said. Supporting that conclusion is the account of a former N.S.A. analyst who, in a series of interviews, described being trained in 2005 for a program in which the agency routinely examined large volumes of Americans’ e-mail messages without court warrants. Two intelligence officials confirmed that the program was still in operation.

The anonymous NSA analyst had some very interesting things to tell the Times. In particular, we now have a name for the secret database program where the NSA stores the millions of foreign and domestic emails that its surveillance vacuum sucks up: it's called "Pinwale".

[The NSA] appears to have tolerated significant collection and examination of domestic e-mail messages without warrants, according to the former analyst, who spoke only on condition of anonymity.

He said he and other analysts were trained to use a secret database, code-named Pinwale, in 2005 that archived foreign and domestic e-mail messages. He said Pinwale allowed N.S.A. analysts to read large volumes of e-mail messages to and from Americans as long as they fell within certain limits — no more than 30 percent of any database search, he recalled being told — and Americans were not explicitly singled out in the searches.

The former analyst added that his instructors had warned against committing any abuses, telling his class that another analyst had been investigated because he had improperly accessed the personal e-mail of former President Bill Clinton.

Other intelligence officials confirmed the existence of the Pinwale e-mail database, but declined to provide further details.

These details are new, but the conclusion is still the same as we've been saying for years now: ordinary Americans' most private emails — even President Clinton's emails! — have been and still are being intercepted in bulk and then stored in secret NSA databases, without probable cause. That's why we're suing the government in our case Jewel v. NSA, and that's why one of the remedies we're asking for in that case is the destruction of the domestic communications and records that the NSA has been illegally hoarding in databases like Pinwale.

Help us rein in this blatant violation of your privacy rights and support our litigation to stop the NSA spying by joining EFF today. With your help, someday your emails, my emails, and even President Clinton's emails may finally be wiped from the NSA's memory banks.

UPDATE: Marc Ambinder at The Atlantic's blog has an interesting follow-up on the NYT story with additional details about the Pinwale database program.

Related Updates

Hiperderecho, the leading digital rights organization in Peru, in collaboration with the Electronic Frontier Foundation, today launched its second ¿Quien Defiende Tus Datos? (Who Defends Your Data?), an evaluation of the privacy practices of the Internet Service Providers (ISPs) that millions of Peruvians use every day. This year's...

The California Consumer Privacy Act (CCPA) requires the California Attorney General to take input from the public on regulations to implement the law, which does not go into effect until 2020. The Electronic Frontier Foundation has filed comments on two issues: first, how to verify consumer requests to companies for...

Ever since the Cambridge Analytica scandal last summer, consumer data privacy has been a hot topic in Congress. The witness table has been dominated by the biggest platforms, with those in lockstep with the tech giants earning the vast majority of attention. However, this week marked the first time that...

We urged the Florida Supreme Court yesterday to review a closely-watched lawsuit to clarify the due process rights of defendants identified by facial recognition algorithms used by law enforcement. Specifically, we told the court that when facial recognition is secretly used on people later charged with a crime, those...

In his latest announcement, Facebook CEO Mark Zuckerberg embraces privacy and security fundamentals like end-to-end encrypted messaging. But announcing a plan is one thing. Implementing it is entirely another. And for those reading between the lines of Zuckerberg’s pivot-to-privacy manifesto, it’s clear that this isn’t just about privacy. It’s...

In back-to-back hearings last week, the House and the Senate discussed what, if anything, Congress should do about online privacy. Sounds fine—until you see who they invited. Congress should be seeking out multiple, diverse perspectives. But last week, both chambers largely invited industry advocates, eager to...

San Francisco - Technology is supposed to make our lives better, yet many big companies have products with big security and privacy holes that disrespect user control and put us all at risk. The Electronic Frontier Foundation (EFF) is launching a new project called “Fix It Already!” demanding repair...

Today we are announcing Fix It Already, a new way to show companies we're serious about the big security and privacy issues they need to fix. We are demanding fixes for different issues from nine tech companies and platforms, targeting social media companies, operating systems, and enterprise platforms on...

Update, 2:35 p.m.: The coalition of groups behind Privacy for All has grown since time of publishing. This update reflects the latest count. Privacy is a right. It is past time for California to ensure that the companies using secretive practices to make money off of our personal information treat...